ISC StormCast for Wednesday, February 9th, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 9 February 2022
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Wednesday, February 9, 2020 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
| 0:13.9 | Well, it's Patch Tuesday, so we'll start the podcast with a quick summary here, but it wasn't actually that bad compared to prior |
| 0:24.3 | Patch Tuesdays. 70 vulnerabilities total are being fixed here, but I think that's the first one. |
| 0:32.1 | None of the vulnerabilities are rated critical. Also, none of the vulnerabilities have been exploited before and only one was previously disclosed. Now, somewhat of note are four privilege escalation vulnerabilities in the Windows print spooler. Now, these types of vulnerabilities are nothing new, but for one of them, we already have an |
| 0:57.1 | extensive write-up, including details as to how to exploit the vulnerability. This vulnerability |
| 1:04.6 | is based on an older vulnerability, CVE-2020-1048. |
| 1:11.0 | That vulnerability really consisted in just pointing a printer to a file, which then would allow anybody to overwrite that file. |
| 1:21.1 | Microsoft patched that back in 2020, but since then there have been various bypasses of the original patch, starting with |
| 1:31.2 | simple symlink attacks, but this latest vulnerability is a little bit tricky, but still |
| 1:38.0 | sounds not all that difficult to exploit in that a user has to set up a new printer and then essentially set |
| 1:47.5 | up a spool directory for the printer and then trick this printer into writing files into |
| 1:53.4 | the printer driver directory which then again an attacker could write a DLL into that directory that is then loaded. |
| 2:03.5 | So stitching essentially together a couple of prior vulnerabilities and again ending up with |
| 2:11.4 | a privilege escalation. |
| 2:13.5 | Like I said, there is a great and very detailed write-up about this. |
| 2:17.2 | If you want to do more, it's more complex than that and really hard to cover within the podcast. |
| 2:24.4 | Nothing else that really stuck out here among those vulnerabilities. |
| 2:28.6 | Also a bunch of Chromium vulnerabilities, of course, that had already been patched earlier this month. So given that there isn't really any |
| 2:36.7 | emergency here, take the time and hone a little bit your patch management process, maybe go over |
| 2:43.6 | some of the prior month's patches, make sure they all got applied properly. And Google is introducing a new virtual machine threat detection service. |
| 2:56.0 | This is a preview release at this point and will be a built-in part of the Security Command Center Premium. |
| 3:05.9 | One of the initial goals they're going for here is to detect crypto coin miners, |
... |

